<aside>
The means or pathway by which an attacker can gain access to a computer or network to deliver a malicious payload or carry out an unwanted action is called a Threat Vector
</aside>
<aside>
An Attack Surface encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment
</aside>

The attack surface can be minimized by:

- Restricting Access
- Removing unnecessary software
- Disabling unused protocols
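
One way to check the "disabling unused protocols" step, as an added example that is not part of the original notes: the script parses constructed `ss -tuln`-style output and reports listeners reachable from other hosts that are not on an allowlist. `SAMPLE_SS`, `ALLOWED`, and the function names are assumptions made for illustration.

```python
# Added example: audit listening sockets against an approved-services allowlist.
# SAMPLE_SS is constructed text in the layout of `ss -tuln`; ALLOWED is an
# assumed policy for a hypothetical web server (SSH and HTTPS only).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      10     0.0.0.0:23         0.0.0.0:*
tcp   LISTEN 0      32     *:21               *:*
tcp   LISTEN 0      4096   127.0.0.1:5432     0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
"""

ALLOWED = {("tcp", 22), ("tcp", 443)}   # services this host is meant to expose
LOOPBACK = ("127.", "[::1]")            # local-only binds add no remote exposure


def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket row of `ss -tuln` output."""
    for line in ss_output.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")     # last colon, so [::]:22 works
        if port.isdigit():
            yield proto, addr, int(port)


def audit(ss_output, allowed=ALLOWED):
    """Return sorted (proto, port, addr) for listeners the policy does not approve."""
    findings = set()
    for proto, addr, port in parse_listeners(ss_output):
        if addr.startswith(LOOPBACK):
            continue                              # not reachable from the network
        if (proto, port) not in allowed:
            findings.add((proto, port, addr))
    return sorted(findings)


if __name__ == "__main__":
    for proto, port, addr in audit(SAMPLE_SS):
        print(f"unapproved listener: {proto}/{port} on {addr}")
```

Each finding is a candidate for removal or for an explicit entry in the allowlist; on a live host the input would come from running `ss -tuln` instead of the embedded sample.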

Think of threat vectors as the "how" of an attack, whereas the attack surface is the "where" of the attack

Several different threat vectors could be used to attack your enterprise networks:

- Messages
  - Message-based threat vectors include threats delivered via email, simple message service (SMS text messaging), or other forms of instant messaging
  - Phishing campaigns are commonly used as part of a message-based threat vector, in which an attacker impersonates a trusted entity to trick victims into revealing their sensitive information
- Images
  - Image-based threat vectors involve the threat actor embedding malicious code inside an image
- Files
  - Malicious files, often disguised as legitimate documents or software, can be transferred as email attachments, through file-sharing services, or hosted on a malicious website
- Voice Calls
  - Vishing
    - Use of voice calls to trick victims into revealing their sensitive information to an attacker
- Removable Devices
  - One common technique used with removable devices is known as baiting
  - Baiting
    - An attacker might leave a malware-infected USB drive in a location where their target might find it, such as in the parking lot or the lobby of the targeted organization
- Unsecure Networks
  - Unsecure networks include wireless, wired, and Bluetooth networks that lack appropriate security measures
  - If wireless networks are not properly secured, unauthorized individuals can intercept the wireless communications or gain access to the network
  - Wired networks tend to be more secure than their wireless counterparts, but they are still not immune to threats
    - Physical access to the network infrastructure can lead to various attacks
      - MAC Address Cloning
      - VLAN Hopping
  - By exploiting vulnerabilities in the Bluetooth protocol, an attacker can carry out attacks using techniques like the BlueBorne or BlueSmack exploits
    - BlueBorne
      - Set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices, spread malware, or even establish an on-path attack to intercept communications without any user interaction
    - BlueSmack
      - Type of Denial of Service attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol packet to a target device